Mobile Security
Kaspersky Investigates Spyware Involved in iOS Zero-Click Assault
Kaspersky, the Russian anti-malware provider, has delved into the spyware module used in a recent zero-click iMessage attack that was aimed at iOS devices...
Data Leaks
What is Data Security Posture Management (DSPM) and Why Does It Matter?
Data Leaks
admin - 0
Data Security Posture Management is a strategy that focuses on the security of cloud data, ensuring that sensitive data maintains its proper security posture,...
U.S. Firms Now Obliged to Disclose Cyber Attacks Within 4 Days, New SEC Regulations Demand
Data Leaks
admin - 0
The U.S. Securities and Exchange Commission (SEC) on Wednesday sanctioned new rules necessitating publicly listed firms to disclose information about a cyber attack within...
In a move that underscores the continued consolidation in the cybersecurity sector, enterprise security giant Check Point has announced its acquisition of Perimeter 81....
Cybercrime
APT31’s Sophisticated Backdoor Techniques and Data Transfer Methods Revealed
Chinese cyberespionage group APT31, also identified as Bronze Vinewood, Judgement Panda, or Violet Typhoon, is now connected to cutting-edge backdoors proficient in discreetly transmitting confidential data to Dropbox.
This malware is among a vast suite of over 15 tools employed by the adversary during their 2022 cyber-attacks on industrial entities...
Emerging Side-Channel Threats: Insights into Modern CPU Vulnerabilities
Cutting-edge research in cybersecurity has unveiled a series of side-channel attacks with potential to expose sensitive data from the latest CPUs.
Termed as Collide+Power (CVE-2023-20583), Downfall (CVE-2022-40982), and Inception (CVE-2023-20569), these groundbreaking techniques emerge on the heels of another vulnerability spotlighting AMD's Zen 2 architecture processors, branded as Zenbleed (CVE-2023-20593).
"Billions...
Rising Use of EvilProxy Tool Targets Senior Executives in Phishing Schemes
Cybercrime
admin - 0
High-ranking corporate officials are now the prime targets for cybercriminals, as they intensify their use of the EvilProxy phishing kit in sophisticated account takeover attempts.
A recent survey from Proofpoint disclosed an escalating hybrid operation that employed the EvilProxy toolkit to focus on Microsoft 365 user accounts. Between March and...
Misuse of Microsoft’s Cross-Tenant Sync Feature
Cybercrime
admin - 0
Cybercriminals are increasingly focusing their efforts on exploiting Microsoft identities to infiltrate not only Microsoft applications but also associated SaaS platforms. Their modus operandi doesn't necessarily involve leveraging vulnerabilities; instead, they manipulate intrinsic Microsoft features to reach their objectives. A case in point is Nobelium, the group associated with...
Microsoft Unmasks Cunning Phishing Schemes of Russian Cybercriminals via Microsoft Teams Communications
Cybercrime
admin - 0
Microsoft revealed on Wednesday that it has detected a range of meticulously planned social engineering offensives conducted by a Russian state-associated cyber threat actor that uses Microsoft Teams chats as a means for phishing attacks to swipe credentials.
The tech behemoth has linked these cyber offensives to a group it...